Hi all,
I am travelling soon to the US, for my vocation and as a long-time private person I will be taking some steps to maintain my privacy as I enter the country.
As this is an interesting area of the topic, I have decided to throw the question open to all of you.
What precautions (IT, physical, mental, otherwise) do you undertake when travelling internationally?
M.
You absolutely can opt out of facial recognition at the TSA! But you have to be on your guards and make sure you request it! They might fake not knowing so you should insist!
If I just would have known it earlier.
It was quite the surprise when boarding the return flight without having to show any baoarding passes.
if that’s true, you are probably opting out of them telling you they are using facial recognition… but they probably still use it… how else would they know how to exclude you?
I believe they use a special camera for this, if you opt out you don’t go in front of it. But s, yes, surely there’s a ton of other facial recognition in airports using security cameras and stuff. Total Domain Awareness is everywhere. But every bit counts.
I wore a proper N95 mask the whole time. Told people I have cancer and am immune compromised so I can’t take it off (ok that bit’s true). Never had any problem avoiding facial recognition; but it’s possible that their particular facial recognition works around masks.
Some glasses, mask, maybe a hat will work as well
Guessing you’ll take a burner phone? On arrival and Dep in Aus they can demand you open it and they can search anything. If you refuse they quarantine your phone for 14 days and prob use some Israeli software to access the contents
Last time I completely re-flashed my phone and only loaded it up with some “travel” accounts that were very basic. It was quite a lot of hassle, though.
This time I think I will just sign out of and delete any cloud services/accounts of concern (including my password safe) from the phone. I will sanitise it of anything I don’t want getting into anothers hands.
Once I am safely across the border I can re-download/install what I need.
and prob use some Israeli software to access the contents
wut?
https://en.m.wikipedia.org/wiki/Pegasus_(spyware)
Not quite how that one works, but I believe that was the intended reference.
deleted by creator
You know those movies were the main character blinks and their stuff gets stolen? That’s pretty much true in some of the cities.
Also if someone is asking you for gas money, help at the atm, trying to sell you something random - leave.
lemmy.one/c/scams seems to have a lot of the common ones listed. It might be worth lurking on r/scams to see if there’s anything more current to watch out for.
Either bring a burner phone, or make sure you disable biometrics before you land. You could also consider wiping the phone and then restoring from a backup later on.
Also, learn about your constitutional rights and any relevant state laws (e.g. the CCPA in California). You probably won’t have to mention them, but they’re good to know.
Encrypted personal devices, and VPNs, mostly. It’s really difficult to maintain real privacy when travelling through customs, the best I can do is make sure my persisted data is safe, and my internet traffic is obfuscated.
EDIT: I keep an encrypted USB pen drive with emergency information on it, should something happen to my phone or laptop, I can quickly get back off the ground.
How do you have that pen drive setup? What are you using to encrypt that drive? If it’s a third party encryptor, do you have the encrypt or install file downloaded on that drive also? Basically, what’s the process to get back up and running again?
I use VeraCrypt to encrypt the whole partition, with a password. I then have on the encrypted partition a backup of my phone contacts, as well as a restricted access wireguard config file pointed at my server. That server hosts VaultWarden, where I can log in with an additional password, and download a wireguard config file with higher access. I then connect using said higher access VPN profile and can download phone backups, access a VaultWarden account with my actual logins, etc.
Use burner devices with no access to personal stuff
Do not even bring your own electronics (phone, laptop) as it can be destroyed, stolen or lost by customs, TSA, and the airlines respectively.
buy a burner phone when you get there and leave your phone at home… also use cash and not credit cards… it would help to know exactly where you are going to be able to give more tips…
deleted by creator
exactly. each states, cities or even neighborhoods can be completely different…
Downtown Atlanta, moving just a few blocks can put you in a hell hole. Some stores need to have multiple cops guarding them at all times, for example.
Anything email or text related on your phone should be printed off. If you hand the border agent your phone they will take that opportunity to read your recent texts and emails.
I’ve never seen this, but I still get physical boarding passes every time. At most airports, you just scan your phone and the agent waves you on. However, if you hand a police officer of any variety your phone, they can attempt to access whatever they want w/o a warrant, which sucks, so it’s not really a risk worth taking when you can usually print a boarding pass at a kiosk.
It happens frequently if you’re bussing into the US. Using a poor person’s method of travel makes them very suspicious
Ah, makes sense. My coworker is from Mexico, and he says it’s best to either walk or drive into the US, don’t take transit.
They don’t have time to give a shit about each individual that goes through customs
Imagine you’re visiting a dystopian police state with ubiquitous surveillance and a non-zero chance to be thrown in jail without due process, because you are.
When dealing with the police, be very, very careful what you say to them directly. Be polite, be patient, but be pithy.
And don’t be black, make sure to generously apply white face
Doesn’t the US have the right to remain silent? Serious question—I thought it did. The advice here is to always stfu when cops try to speak to you, until you either get advice from a lawyer or very specific questions you can answer to expedite your release. If you have the right to remain silent I’d always suggest you exercise that right, and not even make “polite” small talk, just say nothing or “no comment”.
Soooo the data on your phone isn’t gone because you delete or reset the phone. You literally need to write a blob of zeros or random numbers to fill the space again.
And even that is questionable as there are areas of the storage you are not allowed to write too – and those areas could contain identifiable data like contacts, SMS, etc…
Just a FYI
Not quite true for phones or anything with SSDs with trim enabled - in most scenarios the data is unrecoverable except for tiny fragments or if you go through some huge effort of pulling the flash chips out and also are lucky, true enough for memory cards or spinning disks though.
On Android for example, trim only runs every 24h, if the battery is above a certain charge level, and maybe some.other conditions. So it’s not entirely bulletproof either. Recent things can be recovered.
Definitely not bulletproof - but unless they’re after you specifically, and this is the only avenue remaining, the cost of attempting recovery and the risk of alerting you that they are in fact after you, when in the vast majority of circumstances it would yield very little, one would think there’d be cheaper ways to get your data directly from cloud providers or through other, more traditional methods.
Then again I could be naive about this.
This is not true. As soon as the key is wiped from the TPM-like thingy, any data left on the flash is unrecoverable.
Here are some helpful links from the EFF (Electronic Frontier Foundation) on the topic:
https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices
https://www.eff.org/files/2017/03/10/digital-privacy-border-2017-guide3.10.17.pdf
https://www.eff.org/files/2018/01/11/border-pocket-guide-2.pdf
https://www.eff.org/issues/border-searches
I’m sure there’s more that I haven’t put here, feel free to sift through the search page
Having lived in the U.S. my whole life, (and this doesn’t speak for everyone), it’s not the dystopia people make it out to be all the time. In fact, people will likely judge you for wearing a face mask. If you care about hiding your face, sunglasses and a cap is enough. Remember to be reasonable with your threat model!
Bring your own router. Don’t plug things directly into the ethernet jacks in hotel rooms. Plug your router into there and connect to it instead. If you can then VPN into your home network, even better.
DD-WRT is fairly easy to set up and has VPN support. I recommend using Wireguard as opposed to OpenVPN due to efficiency, ESPECIALLY WITH CHEAP WEAK ROUTERS.
I mean, it’s a huge difference from my tests. With OpenVPN I hit 100% CPU usage on my Cisco Linksys WRT160NL at just 5Mbps. With Wireguard I was doing 25Mbps with just around 20% CPU usage (reported bytop
, not webUI).
A lot of the comments here are straight up nuts. Do what you do at home. If that’s a VPN, go for it. If you rawdog it, whatevs.
Https is on almost everything at this point, so just be smart like normal.
I doubt anyone cares enough to bug you that much.
You weren’t kidding, holy shit. Like, I understand wanting to make sure that your privacy is protected at all costs, but at the same time some of these suggestions sound straight up tinfoil hat.
The US is not some fucked up dystopian police state where everyone is “out to get” the next person they see on the street (but I’ll wholeheartedly agree that some parts are absolute shit). No, there aren’t cities where if you blink all your shit’s gonna be stolen (parts of some, sure). In fact, most people will actually actively try to lend a hand, the worst that might happen is a total stranger ignores you when it’s obvious you may need help with something.
Idk, as an American who’s travelled the US quite a bit, I guess it kinda pisses me off when I see generalizing statements like those. Just like it would literally anyone else.
Edit: if you’re truly worried, why not just stay home or something?
What you can do is setup a VPN to your home at least. From their it is the same as you always would.
If you can, a GrapheneOS phone would be a good investment. It allows for multiple profiles so you can switch to your travel one and just call it [your name], have a few dummy ones, and have your actual main profile be something inconspicuous like “kids’ profile” or just any name that they wouldn’t deem necessary to search (what border patrol would actually dig around that much in your phone).
Burner phone. Cheap laptop with nothing on it (like a Chromebook). Burner Gmail address and birbsite profile in case they ask you to log into your accounts. Remember the 100 mile border zone.